diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/auth/auth_unix.c | 58 | ||||
-rw-r--r-- | source3/auth/pass_check.c | 13 | ||||
-rw-r--r-- | source3/include/proto.h | 3 | ||||
-rw-r--r-- | source3/param/loadparm.c | 9 | ||||
-rw-r--r-- | source3/web/cgi.c | 4 |
5 files changed, 7 insertions, 80 deletions
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index a9a4c53704..8668a2f579 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c @@ -23,60 +23,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH -/** - * update the encrypted smbpasswd file from the plaintext username and password - * - * this ugly hack needs to die, but not quite yet, I think people still use it... - **/ -static bool update_smbpassword_file(const char *user, const char *password) -{ - struct samu *sampass; - bool ret; - - if ( !(sampass = samu_new( NULL )) ) { - return False; - } - - become_root(); - ret = pdb_getsampwnam(sampass, user); - unbecome_root(); - - if(ret == False) { - DEBUG(0,("pdb_getsampwnam returned NULL\n")); - TALLOC_FREE(sampass); - return False; - } - - /* - * Remove the account disabled flag - we are updating the - * users password from a login. - */ - if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED, PDB_CHANGED)) { - TALLOC_FREE(sampass); - return False; - } - - if (!pdb_set_plaintext_passwd (sampass, password)) { - TALLOC_FREE(sampass); - return False; - } - - /* Now write it into the file. */ - become_root(); - - ret = NT_STATUS_IS_OK(pdb_update_sam_account (sampass)); - - unbecome_root(); - - if (ret) { - DEBUG(3,("pdb_update_sam_account returned %d\n",ret)); - } - - TALLOC_FREE(sampass); - return ret; -} - - /** Check a plaintext username/password * * Cannot deal with an encrupted password in any manner whatsoever, @@ -102,9 +48,7 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context, nt_status = pass_check(pass, pass ? pass->pw_name : user_info->mapped.account_name, user_info->password.plaintext, - lp_update_encrypted() ? - update_smbpassword_file : NULL, - True); + true); unbecome_root(); diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c index d1b720c922..ee35fba5f4 100644 --- a/source3/auth/pass_check.c +++ b/source3/auth/pass_check.c @@ -647,8 +647,10 @@ match is found and is used to update the encrypted password file return NT_STATUS_OK on correct match, appropriate error otherwise ****************************************************************************/ -NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *password, - bool (*fn) (const char *, const char *), bool run_cracker) +NTSTATUS pass_check(const struct passwd *pass, + const char *user, + const char *password, + bool run_cracker) { char *pass2 = NULL; int level = lp_passwordlevel(); @@ -820,9 +822,6 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas /* try it as it came to us */ nt_status = password_check(password); if NT_STATUS_IS_OK(nt_status) { - if (fn) { - fn(user, password); - } return (nt_status); } else if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) { /* No point continuing if its not the password thats to blame (ie PAM disabled). */ @@ -850,8 +849,6 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas if (strhasupper(pass2)) { strlower_m(pass2); if NT_STATUS_IS_OK(nt_status = password_check(pass2)) { - if (fn) - fn(user, pass2); return (nt_status); } } @@ -865,8 +862,6 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas strlower_m(pass2); if (NT_STATUS_IS_OK(nt_status = string_combinations(pass2, password_check, level))) { - if (fn) - fn(user, pass2); return nt_status; } diff --git a/source3/include/proto.h b/source3/include/proto.h index c6061fc9ed..850710b2c7 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -232,7 +232,7 @@ bool smb_pam_close_session(char *in_user, char *tty, char *rhost); void dfs_unlogin(void); NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *password, - bool (*fn) (const char *, const char *), bool run_cracker); + bool run_cracker); /* The following definitions come from auth/token_util.c */ @@ -3708,7 +3708,6 @@ bool _lp_writeraw(void); bool lp_null_passwords(void); bool lp_obey_pam_restrictions(void); bool lp_encrypted_passwords(void); -bool lp_update_encrypted(void); int lp_client_schannel(void); int lp_server_schannel(void); bool lp_syslog_only(void); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index b20b56578c..f2000221a1 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -1102,15 +1102,6 @@ static struct parm_struct parm_table[] = { .flags = FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD, }, { - .label = "update encrypted", - .type = P_BOOL, - .p_class = P_GLOBAL, - .ptr = &Globals.bUpdateEncrypt, - .special = NULL, - .enum_list = NULL, - .flags = FLAG_ADVANCED, - }, - { .label = "client schannel", .type = P_ENUM, .p_class = P_GLOBAL, diff --git a/source3/web/cgi.c b/source3/web/cgi.c index 0c1c80e724..3d7b32c293 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -373,9 +373,7 @@ static bool cgi_handle_authorization(char *line) * Validate the password they have given. */ - if NT_STATUS_IS_OK(pass_check(pass, user, user_pass, - NULL, False)) { - + if NT_STATUS_IS_OK(pass_check(pass, user, user_pass, false)) { if (pass) { /* * Password was ok. |